added references

master
Bernie Hoeneisen 3 years ago
parent
commit
26b59a90d2
5 changed files with 56 additions and 17 deletions
  1. medup-requirements/draft-symeonidis-medup-requirements.mkd (+15, -16)
  2. shared/references/diaz-measuring-anonymity.mkd (+19, -0)
  3. shared/references/pfitzmann-terminology-privacy.mkd (+13, -0)
  4. shared/references/tor-timing-attacks.mkd (+8, -0)
  5. shared/references/unger-sok.mkd (+1, -1)

medup-requirements/draft-symeonidis-medup-requirements.mkd (+15, -16)

@ -155,7 +155,9 @@ https://autocrypt.org/background.html
# Basic Functional Requirements
This section outlines the functional requirements. We follow the requirements extracted from the literature on private emails and instant messaging~\cite{Unger,Ermoshina,Clark}
This section outlines the functional requirements. We follow the
requirements extracted from the literature on private emails and
instant messaging {{Unger}}.
* Message: send and receive message(s)
* Multi-device support: synchronisation across multiple devices
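
Review bot: The rewritten opening sentence cites only {{Unger}}, while the line it replaces cited Unger, Ermoshina and Clark, so "the literature on private emails and instant messaging" now rests on a single source. If dropping the other two is not intentional, add reference files for Ermoshina and Clark alongside the ones in this commit and cite them here. Note also that {{Unger}} only resolves together with the anchor rename in shared/references/unger-sok.mkd, so the two changes must land together.
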
@ -241,11 +243,10 @@ can be from local controlling one point of the communication channel
such as an entity or a communication link of the network. It can also
be a global adversary controlling several entities and communication
links of the channel, gaining the capability of correlating traffic
such as in timing attacks even for end-to-end communication
systems<!-- ~\cite{torwebsite:timing-attacks} -->. Therefore,
confidentiality of messages exchanged in the system should be
guaranteed with the use of encryption schemes such as symmetric,
asymmetric, or homomorphic encryption.
such as in timing attacks even for end-to-end communication systems
{{Tor}}. Therefore, confidentiality of messages exchanged in the
system should be guaranteed with the use of encryption schemes such as
symmetric, asymmetric, or homomorphic encryption.
### Tampering With Data and Data Authentication
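
Review bot: The anchor {{Tor}} on the timing-attack sentence is too generic for a citation of one specific blog post; the same draft also names Tor as an anonymous communications channel, so a reader will take {{Tor}} for the project itself. The commented-out key it replaces, torwebsite:timing-attacks, said what is being cited, and an anchor that keeps that hint would be clearer. Separately, the "Therefore" that follows concludes with encryption schemes, which protect message content but do not address the traffic correlation the sentence has just described "even for end-to-end communication systems"; consider separating the two statements.
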
@ -294,12 +295,11 @@ such as the message operators, the network node or third parties. To
mitigate identifiability threats, the anonymity of users must be
guaranteed. It is defined as the "Anonymity of a subject from an
attacker’s perspective means that the attacker cannot sufficiently
identify the subject within a set of subjects, the anonymity set"<!--
~\cite{pfitzmann2010terminology} -->. Essentially, to enable
anonymity, there is always need to be a set of possible subjects such
that for an adversary the communicating user can be equally likely of
any other user in the set<!-- ~\cite{DBLP:conf/pet/DiazSCP02}
-->. Thus, an adversary cannot deduce who is the originator of a
identify the subject within a set of subjects, the anonymity set"
{{Pfitzmann}}. Essentially, to enable anonymity, there is always need
to be a set of possible subjects such that for an adversary the
communicating user can be equally likely of any other user in the set
{{Diaz}}. Thus, an adversary cannot deduce who is the originator of a
message. Anonymity can be achieved with the use of pseudonyms and
cryptographic schemes such as anonymous remailers (i.e., mixnets),
anonymous communications channels (e.g., Tor), and secret sharing.
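
Review bot: The sentence carrying the new {{Pfitzmann}} citation reads `It is defined as the "Anonymity of a subject ...`, which is ungrammatical around the quotation; since these lines are being rewrapped anyway, drop "the" or introduce the quote with the authors' names. The sentence now cited to {{Diaz}} ("there is always need to be a set ... can be equally likely of any other user") is also hard to parse and would read better as, for example, "there must always be a set of possible subjects such that, to an adversary, the communicating user is as likely as any other user in the set".
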
@ -328,10 +328,9 @@ parties. In contrast to anonymity and unlinkability, where the
relationship from an IOI to a user is preserved, undetectability is
defined as "Undetectability of an item of interest (IOI) from an
attacker’s perspective means that the attacker cannot sufficiently
distinguish whether it exists or not."<!--
~\cite{pfitzmann2010terminology} -->. Undetectability of IOIs can be
guaranteed with the use of cryptographic schemes such as Mix-nets and
obfuscation mechanisms such as dummy traffic.
distinguish whether it exists or not." {{Pfitzmann}}. Undetectability
of IOIs can be guaranteed with the use of cryptographic schemes such
as Mix-nets and obfuscation mechanisms such as dummy traffic.
## Information disclosure -- confidentiality
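
Review bot: The added line `distinguish whether it exists or not." {{Pfitzmann}}. Undetectability` ends the sentence twice, once inside the quotation and once after the citation, whereas the anonymity definition earlier in this file closes as `set" {{Pfitzmann}}.` with a single period; pick one form. The spelling "Mix-nets" here also differs from "mixnets" in the anonymity paragraph. Finally, none of the four hunks in this file touches a reference list, so confirm that the build picks up the new files under shared/references; otherwise {{Pfitzmann}}, {{Diaz}} and {{Tor}} will not resolve.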


shared/references/diaz-measuring-anonymity.mkd (+19, -0)

@ -0,0 +1,19 @@
Diaz:
# target:
title: Towards Measuring Anonymity
author:
-
name: Claudia Diaz
ins: C. Diaz
-
name: Stefaan Seys
ins: St. Seys
-
name: Joris Claessens
ins: J. Claessens
-
name: Bart Preneel
ins: B. Preneel
date: 2002
seriesinfo:
PET: Privacy Enhancing Technologies, Second International Workshop, San Francisco, CA, USA, April 14-15, 2002, Revised Papers, pp. 54-68
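
Review bot: The entry has no locator: `# target:` is left commented out and empty, so the rendered reference will carry no link. Either supply the paper's URL or DOI there or delete the placeholder key. The `seriesinfo` value also packs series name, workshop, place, dates and pages into one string under the key `PET`, and `ins: St. Seys` uses a two-letter initial where the other three authors use one; both are worth normalising while the file is new.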

shared/references/pfitzmann-terminology-privacy.mkd (+13, -0)

@ -0,0 +1,13 @@
Pfitzmann:
target: https://nyuscholars.nyu.edu/en/publications/sok-secure-messaging
title: "A terminology for talking about privacy by data minimization: Anonymity, unlinkability, undetectability, unobservability, pseudonymity, and identity management"
author:
-
name: Andreas Pfitzmann
ins: A. Pfitzmann
-
name: Marit Hansen
ins: M. Hansen
date: 2010
# seriesinfo:
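
Review bot: `target:` points at https://nyuscholars.nyu.edu/en/publications/sok-secure-messaging, which is the URL of the "SoK: Secure Messaging" entry in unger-sok.mkd, not of the Pfitzmann and Hansen terminology paper; this looks like a copy-paste leftover. Replace it with the paper's own location, or comment the key out as in the Diaz entry until the right URL is known. Because the draft quotes two definitions verbatim from this document, the entry should also identify which version is quoted (only `date: 2010` is given), and the empty `# seriesinfo:` placeholder can be removed or filled in.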

shared/references/tor-timing-attacks.mkd (+8, -0)

@ -0,0 +1,8 @@
Tor:
target: https://blog.torproject.org/one-cell-enough-break-tors-anonymity/
title: "One cell is enough to break Tor's anonymity"
author:
name: Tor Project
# ins:
date: Accessed 2019-06
# seriesinfo:
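
Review bot: `date: Accessed 2019-06` puts an access date into the field that holds the publication date, so the rendered reference will present it as the date of the post. Use the post's publication date in `date:` and keep the access date as a comment. The `author:` key here is a single `name:` with no `-` list item, unlike the Diaz and Pfitzmann entries, and the `# ins:` and `# seriesinfo:` placeholders are left behind; make the structure consistent with the other reference files.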

shared/references/unger-sok.mkd (+1, -1)

@ -1,4 +1,4 @@
Unger.SoK:
Unger:
target: https://nyuscholars.nyu.edu/en/publications/sok-secure-messaging
title: "SoK: Secure Messaging"
author:
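
Review bot: Renaming the anchor from `Unger.SoK` to `Unger` in a file under shared/references changes it for every document that includes this file, and any remaining {{Unger.SoK}} citation will stop resolving. Only medup-requirements/draft-symeonidis-medup-requirements.mkd is updated in this commit, so search the other documents that use shared/references for the old anchor before merging.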

